BT4 Brute Force...

I am trying to crack a WPA-PSK key in my Basic Offensive Security class using BackTrack 4 Beta Release. I have a dict file over 80 MB, but I STILL can't get the pass... The password might be something completely random like "aw91t@$l2".

The goal of the assignment is to use all available resources to get that pass, even if we haven't learned the techniques yet. (We were basically instructed for 2 weeks on the basics, then popped with this for two test grades... T_T) What should I do?

You could try this way (but it will be a bad way too; it is just an idea I've never tried before):

-Kill the true AP with MDK3
-create a fake AP with the same BSSID and a fake WPA encryption (I don't remember if the fake encryption is possible)
-route the traffic through this new connection (victims will have internet access)
-create a fake router home page (you must know the brand and model of this one) or a provider home page and start it on the Apache server
-DNS spoofing and sniffing with ettercap to grab login and password to try to enter the router and read the WPA key

Second idea (remote keylogging):
Create a trojan with the Metasploit Meterpreter and link it with a document or a file (where you ask the victim to go into the router and retype its security parameters or its WPA key). Send it to your victim. Start keylogging to grab the WPA key....

With my two methods you will have 2 chances in 1 million to grab the WPA key, but I really think "social engineering" will be easier.
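Seen from the defending side, the first idea above leaves two distinctive traces on the air: a burst of deauthentication frames carrying the real AP's address (the MDK3 step), and a second beacon source that reuses the network's SSID or even its BSSID with different channel or security settings (the fake AP step). The following Python is an added example written for this thread, not code from the original post, from BackTrack or from MDK3; it assumes a monitor-mode sensor has already parsed 802.11 management frames into the small dict records shown, and the sample frames, the trusted-AP table and the thresholds are all constructed values.

```python
from collections import defaultdict, deque

# Constructed inventory of the APs a defender actually operates (assumption).
TRUSTED_APS = {
    "00:11:22:33:44:55": {"ssid": "HomeNet", "channel": 6, "rsn": True},
}

# Constructed sample frame summaries (not captured data): three normal beacons,
# then a one-second burst of 25 deauth frames spoofed from the real AP's address,
# then the same BSSID beaconing on another channel without RSN (a cloned BSSID),
# then a second BSSID advertising the same SSID (an evil twin).
SAMPLE_FRAMES = (
    [{"ts": float(i), "type": "beacon", "bssid": "00:11:22:33:44:55",
      "ssid": "HomeNet", "channel": 6, "rsn": True} for i in range(3)]
    + [{"ts": 3.0 + i * 0.04, "type": "deauth", "bssid": "00:11:22:33:44:55",
        "ssid": None, "channel": 6, "rsn": None} for i in range(25)]
    + [{"ts": 4.5, "type": "beacon", "bssid": "00:11:22:33:44:55",
        "ssid": "HomeNet", "channel": 11, "rsn": False}]
    + [{"ts": 4.6, "type": "beacon", "bssid": "66:77:88:99:aa:bb",
        "ssid": "HomeNet", "channel": 11, "rsn": False}]
)

DEAUTH_WINDOW_S = 2.0   # sliding window length (constructed tuning value)
DEAUTH_THRESHOLD = 20   # more deauths than this per window is a flood


def detect_deauth_flood(frames, window=DEAUTH_WINDOW_S, threshold=DEAUTH_THRESHOLD):
    """Return the set of source BSSIDs that sent more than `threshold`
    deauthentication frames inside any `window`-second span."""
    recent = defaultdict(deque)   # bssid -> timestamps of recent deauths
    flagged = set()
    for f in sorted(frames, key=lambda f: f["ts"]):
        if f["type"] != "deauth":
            continue
        q = recent[f["bssid"]]
        q.append(f["ts"])
        while q and f["ts"] - q[0] > window:   # drop frames outside the window
            q.popleft()
        if len(q) > threshold:
            flagged.add(f["bssid"])
    return flagged


def detect_bssid_conflicts(frames, trusted):
    """Compare beacons against the trusted-AP table and report two conditions:
    - bssid_clone: a trusted BSSID seen with a different channel or RSN flag
    - evil_twin:   a trusted SSID advertised by a BSSID not in the table
    Returns a sorted, de-duplicated list of (kind, subject, detail) tuples."""
    alerts = set()
    bssids_per_ssid = defaultdict(set)
    for f in frames:
        if f["type"] != "beacon":
            continue
        bssids_per_ssid[f["ssid"]].add(f["bssid"])
        known = trusted.get(f["bssid"])
        if known and (f["channel"] != known["channel"] or f["rsn"] != known["rsn"]):
            detail = (f"channel {known['channel']}->{f['channel']}, "
                      f"rsn {known['rsn']}->{f['rsn']}")
            alerts.add(("bssid_clone", f["bssid"], detail))
    for ssid, bssids in bssids_per_ssid.items():
        expected = {b for b, t in trusted.items() if t["ssid"] == ssid}
        rogue = bssids - expected
        if expected and rogue:
            alerts.add(("evil_twin", ssid, ", ".join(sorted(rogue))))
    return sorted(alerts)


def run_detection(frames, trusted=TRUSTED_APS):
    """Bundle both detectors into one report for a batch of frames."""
    return {
        "deauth_flood": sorted(detect_deauth_flood(frames)),
        "conflicts": detect_bssid_conflicts(frames, trusted),
    }


if __name__ == "__main__":
    for key, value in run_detection(SAMPLE_FRAMES).items():
        print(key, value)
```

The clone check is the one that matters against the "same BSSID" variant: an SSID comparison alone would never fire, but a trusted BSSID suddenly beaconing on another channel, or without the RSN element that the real WPA network always carries, is exactly what a client sees when the real AP is being knocked off the air and replaced.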

-Kill the true AP with MDK3
-create a fake AP with the same BSSID and a fake WPA encryption (I don't remember if the fake encryption is possible)
-route the traffic through this new connection (victims will have internet access)
-create a fake router home page (you must know the brand and model of this one) or a provider home page and start it on the Apache server
-DNS spoofing and sniffing with ettercap to grab login and password to try to enter the router and read the WPA key

You forgot something important... He can't access the router setup pages if he doesn't have the WPA key... So this method is worthless. A possible way would be:

Originally Posted by murdock69

-Kill the true AP with MDK3
-create a fake AP with the same BSSID and a fake WPA encryption (I don't remember if the fake encryption is possible)
-route the traffic through this new connection (victims will have internet access)

-use Wireless Key Grabber

Go read some more about networks; I think you're not understanding how it works.

It was just a question, not a method...

That's why I post in this area... But you're right, there are lots of things to learn about networks and I have a lot of gaps. I know it is impossible to enter the victim's router without the WPA key on its network, but I thought it was possible to redirect the victim on the fake AP to a "fake router setup page".

I do this method to create fake hotspots (WPA encrypted) to grab passwords and logins, and it works. In this case it is possible to know the manufacturer of the router from the router's MAC address (macchanger) and imagine a fake "error page" where the victim has to re-enter login, password and WPA key to reset the network (the victim is on your network, so you can grab them).

I do this method to create fake hotspots (WPA encrypted) to grab passwords and logins, and it works. In this case it is possible to know the manufacturer of the router from the router's MAC address (macchanger) and imagine a fake "error page" where the victim has to re-enter login, password and WPA key to reset the network (the victim is on your network, so you can grab them).

Yes, this seems possible to me, but what you were suggesting, and quoting:

is it possible to know the model and the brand by a sniff with Wireshark in promiscuous mode and a filter on wifi headers to create a fake setup page?

, isn't possible without the router password, even if you are in promiscuous mode, because the data packets are encrypted. The only solution (that I know of) is to use programs to try and match the MAC address to a manufacturer. Or get visual contact with the router. Or, in some cases (i.e. when the router is from an ISP that changes the SSID to a custom one), looking at the SSID and searching the internet for the matching brand of the router.
